Govt fines technology company on privacy claims

The company behind the popular Path social networking service agreed to pay $800,000 to settle federal charges that it illegally collected personal information from cellphones without the knowledge or consent of its customers, the government said Friday.

Path Inc. of San Francisco collected names, addresses, phone numbers, email addresses and usernames for Facebook and Twitter accounts from its customers' cellphones without permission, the Justice Department and Federal Trade Commission said.

These customers included roughly 3,000 children under 13 and occurred even in cases when a Path customer sought to block the service from collecting the information. The government said Path collected the information the first time a customer signed into the service and upon every subsequent sign-in.

"The user had no meaningful choice as to the collection and storage of personal information from the user's mobile device contacts, and the user interface options were illusory," according to the Justice Department's lawsuit against Path. The Justice Department filed the case against Path on Thursday in federal court in San Francisco at the FTC's request. Path acknowledged the legal settlement on Friday.

Path said in a statement that even before the FTC had contacted the company, it was made aware that its service was allowing children under 13 to register as customers. It said it has suspended all accounts for users under 13.

"There was a period of time where our system was not automatically rejecting people who indicated that they were under 13," the company said. "Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any underage accounts that had mistakenly been allowed to be created."

Path's statement on Friday did not respond to the government's charge that the company had violated privacy assurances that it made to adult customers whose personal information it collected without permission. But it had previously apologized, in February 2012, for what it described as the mistake of collecting that information from adults and said it had deleted its customers' uploaded contact information from its own computers.

Days earlier, the company's chief executive, Dave Morin, had defended the practice in a statement that said, "We believe this type of friend finding and matching is important to the industry and that it is important that users clearly understand it."

The Path fine comes as the FTC adopts new recommendations to make sure companies in the rapidly expanding mobile market are aware of privacy concerns and offer better information to consumers about data practices. The FTC wants app developers and operating system providers, including Apple and Google, to give consumers real-time disclosures and obtain their express consent before accessing sensitive content like geographic location, contact lists and photos.

"This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans," said outgoing FTC Chairman Jon Leibowitz, who on Friday formally announced plans to leave the agency.

Path, founded by Morin, an ex-Facebook employee, calls itself a "personal network." It lets users of Apple and Android cellphones create personal journals and share photos, videos and updates with a smaller group of friends than on Facebook. The app has been popular with children.

The fines assessed against Path were for violating the federal Children's Online Privacy Protection Act, which prohibits companies from accessing information from children under 13 without a parent's consent.

Leibowitz described rapid developments in cellphones as "a Wild West of sorts," presenting unique challenges for government watchdogs. Customers worldwide bought about 217 million smartphones in the last three months of 2012.

The FTC says consumers using smartphones have become more concerned about privacy. About 57 percent of all app users have either uninstalled an app or declined to install one over concerns about having to share personal information. Less than a third of Americans believe they are "in control" of personal data on their mobile devices, the FTC report found.

"All of this can leave us wondering whether and how our private interests are being protected," Leibowitz said.

The FTC recommended that operating system providers and app developers develop icons that show data being transmitted from cellphones. It also recommended a one-stop "dashboard" that would let consumers review the types of content that apps can access.